A Prototype User Interface for Coarse-Grained Desktop Access Control (CMU-CS-03-200)

Viruses, trojan horses, and other malware are a growing problem for computer users, but current tools and research do not adequately aid users in fighting these threats. One approach to increasing security is to partition all applications and data based on general task types, or “roles,” such as “Personal,” “Work,” and “Communications.” This can limit the effects of malware to a single role rather than allowing it to affect the entire computer. We are developing a prototype to investigate the usability of this security model. Our initial investigation uses cognitive walkthrough and think-aloud user studies of paper prototypes to look at this model in the context of realistic tasks, and to compare different user interface mechanisms for managing data and applications in a role-based system. For most participants, our interface was simple to understand and use. In addition to a security model that is intrinsically useful, we believe development of this system will inform issues in the design and implementation of usable security interfaces, such as refinement of design guidelines.